Analytics
Analytics
Analytics 569
Analytics
RETIRED MACHINE

Analytics

Analytics - Linux Linux
Analytics - Easy Easy

4.1

MACHINE RATING

16525

USER OWNS

15642

SYSTEM OWNS

07/10/2023

RELEASED
Created by 7u9y & TheCyberGeek

Machine Synopsis

Analytics is an easy difficulty Linux machine with exposed HTTP and SSH services. Enumeration of the website reveals a `Metabase` instance, which is vulnerable to Pre-Authentication Remote Code Execution (`[CVE-2023-38646](https://nvd.nist.gov/vuln/detail/CVE-2023-38646)`), which is leveraged to gain a foothold inside a Docker container. Enumerating the Docker container we see that the environment variables set contain credentials that can be used to SSH into the host. Post-exploitation enumeration reveals that the kernel version that is running on the host is vulnerable to `GameOverlay`, which is leveraged to obtain root privileges.

Machine Matrix

Ready to start your
hacking journey?